yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

V14: Invalidate user tokens (#15651)

Browse Source 
* Adding revoke user auth token handler and registering it

* Maintain method clarity by grouping new calls into its own method

* Rename functions to what they do

* Suggested linq function of tripple nesting

* Reduce nesting by early loop continuation

* Fix PR suggestion async typo

* Review suggestions

* Log msg alignment between members and users

---------

Co-authored-by: Sven Geusens <sge@umbraco.dk>
This commit is contained in:
Elitsa Marinovska
2024-02-06 13:02:35 +01:00
committed by GitHub
parent 71b3076de9
commit 8c6e03d346
3 changed files with 239 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/Umbraco.Cms.Api.Management/DependencyInjection/BackOfficeAuthBuilderExtensions.cs
View File

@@ -1,10 +1,12 @@
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using Umbraco.Cms.Api.Common.DependencyInjection;
using Umbraco.Cms.Api.Management.Handlers;
using Umbraco.Cms.Core;
using Umbraco.Cms.Core.DependencyInjection;
using Umbraco.Cms.Api.Management.Middleware;
using Umbraco.Cms.Api.Management.Security;
using Umbraco.Cms.Core.Notifications;
using Umbraco.Cms.Infrastructure.Security;
using Umbraco.Cms.Web.Common.ApplicationBuilder;
@@ -17,7 +19,19 @@ public static class BackOfficeAuthBuilderExtensions
builder
.AddAuthentication()
.AddUmbracoOpenIddict()
.AddBackOfficeLogin();
.AddBackOfficeLogin()
.AddTokenRevocation();
return builder;
}
private static IUmbracoBuilder AddTokenRevocation(this IUmbracoBuilder builder)
{
builder.AddNotificationAsyncHandler<UserSavingNotification, RevokeUserAuthenticationTokensNotificationHandler>();
builder.AddNotificationAsyncHandler<UserSavedNotification, RevokeUserAuthenticationTokensNotificationHandler>();
builder.AddNotificationAsyncHandler<UserDeletedNotification, RevokeUserAuthenticationTokensNotificationHandler>();
builder.AddNotificationAsyncHandler<UserGroupDeletingNotification, RevokeUserAuthenticationTokensNotificationHandler>();
builder.AddNotificationAsyncHandler<UserGroupDeletedNotification, RevokeUserAuthenticationTokensNotificationHandler>();
return builder;
}